| CVE-2024-2888 | WordPress Post and Page Builder by BoldGrid plugin <= 1.26.2 - Cross Site Scripting (XSS) vulnerability | BoldGrid | Post and Page Builder by BoldGrid – Visual Drag and Drop Editor | Medium | 6.5 | 2024-03-26 05:41:02 | Deep Dive |
| CVE-2023-6957 | Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting | techjewel | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | Medium | 4.9 | 2024-03-13 15:27:25 | Deep Dive |
| CVE-2024-0386 | weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer | boldgrid | weForms – Easy Drag & Drop Contact Form Builder For WordPress | High | 7.2 | 2024-03-12 21:34:34 | Deep Dive |
| CVE-2024-2127 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 6.4 | 2024-03-07 19:33:05 | Deep Dive |
| CVE-2024-1590 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 4.6 | 2024-02-23 09:32:38 | Deep Dive |
| CVE-2024-1218 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | Medium | 4.3 | 2024-02-20 18:56:50 | Deep Dive |
| CVE-2024-1217 | Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation | wpchill | Kali Forms — Contact Form & Drag-and-Drop Builder | High | 7.6 | 2024-02-20 18:56:35 | Deep Dive |
| CVE-2024-0685 | Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection | kstover | Ninja Forms – The Contact Form Builder That Grows With You | Medium | 5.9 | 2024-02-02 04:32:35 | Deep Dive |
| CVE-2024-22305 | WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR) | ali Forms | Contact Form builder with drag & drop for WordPress – Kali Forms | High | 7.5 | 2024-01-31 11:49:29 | Deep Dive |
| CVE-2024-0667 | Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 5.4 | 2024-01-27 03:32:46 | Deep Dive |
| CVE-2022-0402 | Superforms < 6.0.4 - Reflected Cross-Site Scripting | Unknown | Super Forms - Drag & Drop Form Builder | 中危 | - | 2024-01-16 15:51:01 | Deep Dive |
| CVE-2023-6738 | PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields | softaculous | Page Builder: Pagelayer – Drag and Drop website builder | Medium | 5.4 | 2024-01-04 03:30:13 | Deep Dive |
| CVE-2023-50896 | WordPress weForms Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) | weForms | weForms – Easy Drag & Drop Contact Form Builder For WordPress | Medium | 5.9 | 2023-12-29 11:09:16 | Deep Dive |
| CVE-2022-45377 | WordPress Drag and Drop Multiple File Upload for WooCommerce Plugin <= 1.0.8 is vulnerable to Multiple Vulnerabilities | Glen Don L. Mongaya | Drag and Drop Multiple File Upload for WooCommerce | Medium | 6.5 | 2023-12-21 13:06:33 | Deep Dive |
| CVE-2023-35909 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack | Saturday Drive | Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress | Medium | 5.3 | 2023-12-07 11:15:27 | Deep Dive |
| CVE-2023-5990 | Funnelforms Free < 3.4.2 - Form Deletion/Duplication via CSRF | Unknown | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor | - | - | 2023-12-04 21:29:11 | Deep Dive |
| CVE-2023-5385 | Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:37 | Deep Dive |
| CVE-2023-5383 | Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:35 | Deep Dive |
| CVE-2023-5387 | Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode | funnelforms | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free | Medium | 4.3 | 2023-11-22 15:33:35 | Deep Dive |
| CVE-2023-5469 | Drop Shadow Boxes <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | stevehenty | Drop Shadow Boxes | Medium | 6.4 | 2023-11-22 15:33:34 | Deep Dive |